|
199541
|
8.8 |
HIGH
Network
|
epson
|
eps_tse_server_8_firmware
|
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by…
|
CWE-352
Origin Validation Error
|
CVE-2020-28931
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199542
|
5.4 |
MEDIUM
Network
|
epson
|
eps_tse_server_8_firmware
|
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaSc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28930
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199543
|
9.8 |
CRITICAL
Network
|
epson
|
eps_tse_server_8_firmware
|
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenan…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-28929
|
2024-11-21 14:23 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199544
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
oracle
|
p11-kit
debian_linux
communications_cloud_native_core_policy
|
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29363
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199545
|
5.3 |
MEDIUM
Network
|
p11-kit_project
|
p11-kit
|
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-29362
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199546
|
7.5 |
HIGH
Network
|
p11-kit_project
debian
|
p11-kit
debian_linux
|
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-29361
|
2024-11-21 14:23 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199547
|
6.1 |
MEDIUM
Network
|
directoriespro
|
directories_pro
|
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29304
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199548
|
6.1 |
MEDIUM
Network
|
directoriespro
|
directories_pro
|
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29303
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199549
|
5.3 |
MEDIUM
Network
|
openasset
|
digital_asset_management
|
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sens…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-28861
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199550
|
8.8 |
HIGH
Network
|
openasset
|
digital_asset_management
|
OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
|
CWE-89
SQL Injection
|
CVE-2020-28860
|
2024-11-21 14:23 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
